Tuesday, January 25, 2011

Virus Name: Trojan-Dropper:W32/Stuxnet (Remove Manually)


Name: Trojan-Dropper:W32/Stuxnet
Category: Malware
Type: Rootkit
Platform: W32
Detection Names: Rootkit:W32/Stuxnet, Exploit:W32/WormLink
            
  C:\WINDOWS\system32\drivers\MRXCLS.sys --> Rootkit.Stuxnet.A
  --> HKLM\System\ControlSet002\Enum\Root\LEGACY_MRXCLS
  --> HKLM\System\ControlSet002\services\MRxCls\"ImagePath"

  C:\WINDOWS\system32\drivers\MRXNET.sys --> Rootkit.Stuxnet.A
  --> HKLM\System\ControlSet002\Enum\Root\LEGACY_MRXNET
  --> HKLM\System\ControlSet002\services\MRxNet\"ImagePath"

  First Turn Off Autorun: Manual Removal Using IS2010

  •  Right-click My Computer > Properties > Hardware > Device Manager:
      - Go to View > Show Hidden Devices
      - Go to Non-Plug and Play Drivers
  •  Disable both MRXNET and MRXCLS.

  Manual Removal Instructions
  •  Delete the following Registry Keys:
           - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls
           - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxNet
  •  Delete the following files:
           1. %windir%\inf\mdmcpq3.PNF
           2. %windir%\inf\mdmeric3.PNF
           3. %windir%\inf\oem6C.PNF
           4. %windir%\inf\oem7A.PNF
           5. %windir%\system32\drivers\mrxcls.sys
           6. %windir%\system32\drivers\mrxnet.sys
  •  Turn off AutoPlay on all drives (for more details, see http://support.microsoft.com/kb/967715).
  •  Reboot the system.
  •  Clean the malware components from the infected USB thumb drive:
           1. Open Command Prompt
           2. Change drive to USB drive
           3. Run command "del *.lnk"
           4. Run command "del *.tmp"
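
A read-only check for the files and registry keys listed above, added here as an example and not part of the original post. It assumes PowerShell 3.0 or later in an elevated prompt; the variable names are this example's own, and it looks in every numbered control set because the detections above are under ControlSet002 while the removal steps name CurrentControlSet.

```powershell
# Added example: reports which of the artifacts listed on this page are present.
# Nothing is deleted or modified.

# Files from the "Delete the following files" list, resolved under %windir%.
$files = @(
    'inf\mdmcpq3.PNF', 'inf\mdmeric3.PNF', 'inf\oem6C.PNF', 'inf\oem7A.PNF',
    'system32\drivers\mrxcls.sys', 'system32\drivers\mrxnet.sys'
) | ForEach-Object { Join-Path $env:windir $_ }

# Registry sub-keys named on the page, relative to a control set.
$subKeys = @(
    'Services\MRxCls', 'Services\MRxNet',
    'Enum\Root\LEGACY_MRXCLS', 'Enum\Root\LEGACY_MRXNET'
)

# CurrentControlSet plus every ControlSetNNN that exists on this machine.
$controlSets = @('CurrentControlSet') + @(
    Get-ChildItem 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
        ForEach-Object { $_.PSChildName }
)

$findings = @()

foreach ($f in $files) {
    # -Force so files with the hidden or system attribute are not skipped.
    if (Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue) {
        $findings += [pscustomobject]@{ Type = 'File'; Path = $f }
    }
}

foreach ($cs in $controlSets) {
    foreach ($k in $subKeys) {
        $path = "HKLM:\SYSTEM\$cs\$k"
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Type = 'RegistryKey'; Path = $path }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed files or registry keys were found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it once before the removal steps to see what is present and again after the reboot to confirm nothing is left.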
Thank you.
